Static task
static1
Behavioral task
behavioral1
Sample
c897b896e3fa2314b7f6923fd301d4b6_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c897b896e3fa2314b7f6923fd301d4b6_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
c897b896e3fa2314b7f6923fd301d4b6_JaffaCakes118
Size
7KB
MD5
c897b896e3fa2314b7f6923fd301d4b6
SHA1
c8d479a87625140cc9a614ff8b3e347f0baee593
SHA256
53031b7367fae48e7ae77f50e680f94701e92b647985b354eb6af494ad1c11d2
SHA512
bf21ed15c1f553db1cd26c03316a0f7512c876ab748181c6bd42d95b20ed239a90d92e7ffc9b4f50603ec48ecbd9d6c7b65379aa0c58ff4d92c5f880aeb89d18
SSDEEP
192:3+x5ENMyGwovKSGf+ul0jLyo1tzIK+/v8i:nMySKi3LT7zIK+v9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c897b896e3fa2314b7f6923fd301d4b6_JaffaCakes118
Files
c897b896e3fa2314b7f6923fd301d4b6_JaffaCakes118.exe windows:4 windows x86 arch:x86
28fb0f4167e8cb791f979b847bd05674
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpyA
WideCharToMultiByte
GetModuleFileNameW
lstrcatA
VirtualQuery
InterlockedExchange
RtlUnwind
CreateEventA
WaitForSingleObject
CloseHandle
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
SetEvent
CreateThread
GetProcAddress
ExitThread
CompareStringA
Process32First
CreateToolhelp32Snapshot
GetProcessHeap
user32
IsWindow
ShowWindow
DestroyWindow
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE